-
1. Re: getting the role name after form login
j2ee_junkie May 27, 2006 5:38 PM (in response to bezdomny)Bob,
It is O.K. to use request.getUserPrincipal to get your userid. However, there is no Java EE standard for getting the user's role. You can ask if the user is in a certain role using request.isUserInRole(). JBoss does offer the ability to get to the authenticated Subject via a JNDI lookup. I think the name is "java:/jaas/your_securit_domain/subject", but I am not positive and I can't remember where I read that.
later, cgriffith -
2. Re: getting the role name after form login
anil.saldhana May 27, 2006 5:49 PM (in response to bezdomny)There is a JBoss specific way of doing this.
//Get the Authenticated Subject Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); //Now look for a Group called Roles Set principals = subject.getPrincipals(Principal.class); Iterator iter = principals.iterator(); while(iter.hasNext()) { Principal p = (Principal)iter.next; if(p instanceof SimpleGroup) { SimpleGroup sg = (SimpleGroup)p; if("Roles".equals(sg.getName()) //we got the roles } }
The flip side is that this gives all the roles the user belongs to. -
3. Re: getting the role name after form login
bezdomny May 27, 2006 7:28 PM (in response to bezdomny)Thanks so much for the replies. I'll try them out asap.
B -
4. Re: getting the role name after form login
anil.saldhana May 28, 2006 12:36 AM (in response to bezdomny)With a recent use of the JBossGenericPrincipal as the holder of the roles, I am unsure if my earlier approach holds good. If JGP is the answer, then you will need a custom valve to get hold of the JGP from the catalina request object.
-
5. Re: getting the role name after form login
bezdomny May 28, 2006 12:38 AM (in response to bezdomny)This code seems to work:
private void findRole() throws PolicyContextException {
// Get the Authenticated Subject
Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
// Now look for a Group called Roles
Set principals = subject.getPrincipals(Principal.class);
Iterator iter = principals.iterator();
while(iter.hasNext()) {
Principal p = (Principal)iter.next();
if(p instanceof SimpleGroup) {
SimpleGroup sg = (SimpleGroup)p;
if("Roles".equals(sg.getName())) {
Enumeration en = sg.members();
while(en.hasMoreElements()) {
String role = en.nextElement().toString();
if(role != null) {
setRole(role);
}
}
}
}
}
} -
6. Re: getting the role name after form login
bezdomny May 28, 2006 9:02 AM (in response to bezdomny)Does anyone think this code is off-base? It seemed to me that the only way to get the role, once the correct group was discovered, was to loop over the Enumeration of members. For me this will be ok since the users of my app won't have multiple roles assigned to them. Unless someone has a better way or there is a problem with this, I'm going to use it for now. Thanks again for the replies and help.
B